Stefan B&#xC3;&#xBC;hler discovered that the Debian specific configuration file for lighttpd webserver FastCGI PHP support used a fixed socket name in the world-writable /tmp directory. A symlink attack or a race condition could be exploited by a malicious user on the same machine to take over the PHP control socket and for example force the webserver to use a different PHP version. As the fix is ...

Multiple security issues have been found in Icedove, Debian"s version of the Mozilla Thunderbird mail and news client. Multiple memory safety errors, use-after-free vulnerabilities, missing permission checks, incorrect memory handling and other implementaton errors may lead to the execution of arbitrary code, privilege escalation, information disclosure or cross-site request forgery. As already an ...

It was discovered that in Mediawiki, a wiki engine, several API modules allowed anti-CSRF tokens to be accessed via JSONP. These tokens protect against cross site request forgeries and are confidential.

It was discovered discovered that SSL connections with client certificates stopped working after the DSA-2795-1 update of lighttpd. An upstream patch has now been applied that provides an appropriate identifier for client certificate verification.

Christian Mainka and Vladislav Mladenov reported a vulnerability in the OpenID module of Drupal, a fully-featured content management framework. A malicious user could exploit this flaw to log in as other users on the site, including administrators, and hijack their accounts. These fixes require extra updates to the database which can be done from the administration pages.

Several vulnerabilities have been found in file, a file type classification tool. Aaron Reffett reported a flaw in the way the file utility determined the type of Portable Executable format files, the executable format used on Windows. When processing a defective or intentionally prepared PE executable which contains invalid offset information, the file_strncmp routine will access memory that is ...

Bastian Blank reported a denial of service vulnerability in Email::Address, a Perl module for RFC 2822 address parsing and creation. Email::Address::parse used significant time on parsing empty quoted strings. A remote attacker able to supply specifically crafted input to an application using Email::Address for parsing, could use this flaw to mount a denial of service attack against the applicatio ...